[LEDE-DEV] [PATCH] build: reintroduce md5 checksums for generated firmware images
Stefan Lippers-Hollmann
s.l-h at gmx.de
Wed Aug 17 18:00:35 PDT 2016
Hi

On 2016-08-18, Karl Palsson wrote:
> Why not just add sha256 sum rather than going back to md5?
[...]

Generating md5sums in addition to sha256sums files only affects build
time slightly, but doesn't increase the firmware size itself. Given
that apparently nothing currently requires a sha256sum binary at firmware
runtime, I'd personally consider it to be cheaper not bumping busybox'
size needlessly.

While it's obvious that MD5 can't be considered cryptographically
secure anymore, it does still work nicely for checking file integrity
in regards to potential transmission errors.
$ ./scripts/diffconfig.sh
CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_Default=y
$ ls -gG no-sha256sum/busybox with-sha256sum/busybox
-rwxr-xr-x 1 300437 Aug 17 23:38 no-sha256sum/busybox
-rwxr-xr-x 1 304405 Aug 17 23:38 with-sha256sum/busybox
Giving it a quick/rough compressed size estimate (-6, with a dictionary
size of 8 MB, would need 9 MB RAM for decompressing, which would be too
much for 32 MB RAM devices, so the actual compressed size delta of the
squashfs image is probably slightly larger):
$ xz -6 no-sha256sum/busybox
$ xz -6 with-sha256sum/busybox
$ ls -gG no-sha256sum/busybox.xz with-sha256sum/busybox.xz
-rwxr-xr-x 1 173188 Aug 17 23:38 no-sha256sum/busybox.xz
-rwxr-xr-x 1 174704 Aug 17 23:38 with-sha256sum/busybox.xz
The difference between "no-sha256sum/busybox" and
"with-sha256sum/busybox":
--- a/package/utils/busybox/Config-defaults.in
+++ b/package/utils/busybox/Config-defaults.in
@@ -705,7 +705,7 @@ config BUSYBOX_DEFAULT_SHA1SUM
default n
config BUSYBOX_DEFAULT_SHA256SUM
bool
- default n
+ default y
config BUSYBOX_DEFAULT_SHA512SUM
bool
default n
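Review bot: The flip to "default y" under BUSYBOX_DEFAULT_SHA256SUM enables the applet for every target, and nothing in the hunk records which consumer needs sha256sum at runtime. Going by the sizes listed above, it costs 3968 bytes uncompressed (300437 vs 304405) and 1516 bytes after xz -6 (173188 vs 174704). If this were submitted as a change, keep "default n" here and let whatever actually needs the applet enable it, or state the consumer and the measured size delta in the commit message so the trade-off is reviewable on small-flash targets.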
Regards
Stefan Lippers-Hollmann
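
The trade-off discussed in this message, as an added example that is not part of the original mail or of the LEDE build system: a POSIX shell helper that checks an image against the `sha256sums` file when a `sha256sum` tool exists on the device and falls back to `md5sums` otherwise. The function names, the directory layout and the "digest  name" line format are assumptions for illustration.

```shell
# Added example (not from the original message). Assumes the sums files
# sit beside the image and use the "<hex digest>  <file name>" layout.
# Image names containing whitespace are not handled.

# have TOOL: succeed if TOOL can be run on this system.
have() { command -v "$1" >/dev/null 2>&1; }

# expected_sum SUMS_FILE IMAGE_NAME: print the digest listed for IMAGE_NAME.
# Accepts both "digest  name" and "digest *name" (binary-mode marker).
expected_sum() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$1"
}

# verify_image IMAGE DIR
# Tries sha256 first, then md5. Prints the algorithm that was used.
# Returns 0 on match, 1 on mismatch, 2 if no usable tool/sums pair exists.
# A match via md5 only rules out accidental corruption (transfer errors);
# it says nothing about deliberate tampering.
verify_image() {
    img=$1; dir=$2; name=${img##*/}
    for algo in sha256 md5; do
        tool="${algo}sum"; sums="$dir/${algo}sums"
        # Skip this algorithm if the applet or the sums file is missing.
        have "$tool" && [ -r "$sums" ] || continue
        want=$(expected_sum "$sums" "$name")
        [ -n "$want" ] || continue
        got=$("$tool" "$img" | awk '{ print $1 }')
        echo "$algo"
        [ "$got" = "$want" ] && return 0
        return 1
    done
    return 2
}
```

On an image built without the sha256sum applet the helper reports `md5`, which makes it visible that the check performed was the weaker one.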